I'm working on a (Debian) Dreamhost VPS, and it seems to want password-based authentication only: adding my RSA and DSA public keys to ~/.ssh/authorized_keys did not change the behavior of requiring a password to log in.

5 Answers
5

# Both of these are probably already there, but commented
PubkeyAuthentication yes
# The next line makes sure that sshd will look in
# $HOME/.ssh/authorized_keys for public keys
AuthorizedKeysFile %h/.ssh/authorized_keys

Additionally, if you want to disable password authentication alltogether (which is usually a good idea, if you use keypairs), add the following:

# Again, this rule is already there, but usually defaults to 'yes'
PasswordAuthentication no

After that, restart ssh by issueing /etc/init.d/sshd restart and you should be fine!

The above assumes you have already properly created the .ssh dir with the proper permissions.

Here are the steps:
1. Upload your public key to the site and add it to the ~/.ssh/authorized_keys file.
2. Ensure that the authorized keys has attributes of 0600 (chmod 0600 ~/.ssh/authorized_keys)
3. Now try to ssh, if you using putty, run the pageant and load your private key.

This is incorrect and not really an answer to the question: 1) The question author has already indicated that he created the authorized_keys file. 2) authorized_keys should be flagged with 0644, not 0700.
–
Aron RotteveelSep 17 '11 at 13:59

1

ARAIR authorized_keys should be 0600 and .ssh should be 0700. And I believe this is correct answer, as (from my experience) in 99% cases publickey auth does not work to due to options in sshd_config, but due to wrong permissions.
–
rvsSep 17 '11 at 14:03

1

@rvs seems that 0600 works fine indeed as well, so you're right. Chmod 0700 on .ssh is of course still necessary.
–
Aron RotteveelSep 17 '11 at 14:09

This was also causing me issues on a server which our SysAdmins use as a jumphost. It was pointed out to me that each user has to be created locally, such that /home/user[123]/authorized_keys has to exist and contain their pub key. Said file needs to be chown'ed as user1:user1.

ssh-rsa ...insert pub key string... user1@local

Creating ~/.ssh/config locally, on the near host, also helps connect faster and define a useful option, namely 'EscapeChar ~'

This may or may not be necessary, chmod 0600 /user1/.ssh/authorized_keys and chmod 0700 /root/.ssh/. It did not help me during my first attempts to troubleshoot.